@Cryptix720
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| high severity | 823/1000 (Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.6) | Server-side Request Forgery (SSRF), SNYK-JS-IP-6240864 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: npm
The new version differs by 250 commits.
  • 30a9844 7.21.0
  • 0b2cd9d update AUTHORS
  • 06461ec docs: changelog for v7.21.0
  • 771a1cb chore(tests): fix snapshots
  • 71cdfd8 spdx-license-ids@3.0.10
  • 94f92de make-fetch-happen@9.0.5
  • 7ac621c smart-buffer@4.2.0
  • 218caca is-core-module@2.6.0
  • ff6626a fix(docs): update npm-publish access flag info
  • b6f40b5 tar@6.1.10
  • e9e5ee5 @npmcli/arborist@2.8.2
  • 991a3bd read-package-json@4.0.0
  • f077724 init-package-json@2.0.4
  • 68a19bb fix(error-message): look for er.path not er.file
  • ff34d6c feat(cache): initial implementation of ls and rm
  • 8183976 normalize-package-data@3.0.3
  • df57f0d @npmcli/run-script@1.8.6
  • 487731c fix(logging): sanitize logged argv
  • 7a58264 chore(ci): check that docs are up to date in ci
  • 22f3bbb chore(docs): add more 'autogenerated' comments
  • 4314490 fix(docs): revert auto-generated portion of docs
  • 32e88c9 fix(did-you-mean): switch levenshtein libraries
  • 59b9851 7.20.6
  • 2591e67 update AUTHORS

See the full diff

Package name: npm-registry-fetch
The new version differs by 249 commits.
  • 16893c3 chore: release 15.0.0
  • a97564f deps: bump make-fetch-happen from 11.1.1 to 12.0.0 (#195)
  • e154d49 deps: bump minipass from 5.0.0 to 7.0.2
  • b875c26 fix: drop node14 support (#193)
  • baaa886 chore: postinstall for dependabot template-oss PR
  • 5d15eeb chore: bump @npmcli/template-oss from 4.17.0 to 4.18.0
  • 7e4427e chore: postinstall for dependabot template-oss PR
  • e02d4ef chore: bump @npmcli/template-oss from 4.15.1 to 4.17.0
  • 1136eae chore: postinstall for dependabot template-oss PR
  • c267ac6 chore: bump @npmcli/template-oss from 4.14.1 to 4.15.1
  • dbb86ff chore: release 14.0.5
  • 975016e chore: bump @npmcli/template-oss from 4.13.0 to 4.14.1 (#182)
  • a2d5880 deps: bump minipass from 4.2.7 to 5.0.0 (#177)
  • 2285097 chore: release 14.0.4
  • 991f0d5 chore: enable auto-publish (#181)
  • 15dd221 fix: clean password by using url object itself (#178)
  • 71d8f72 chore: bump @npmcli/template-oss from 4.12.0 to 4.13.0 (#180)
  • 14d1159 docs: update API documentation of noProxy option (#173)
  • 2daa377 chore: postinstall for dependabot template-oss PR
  • c27a9bc chore: bump @npmcli/template-oss from 4.11.4 to 4.12.0
  • 2925157 chore: postinstall for dependabot template-oss PR
  • 71ccbc2 chore: bump @npmcli/template-oss from 4.11.3 to 4.11.4
  • dcedc45 chore(deps): remove mkdirp and rimraf (#170)
  • 0baa9a9 chore: postinstall for dependabot template-oss PR

See the full diff

Package name: pacote
The new version differs by 250 commits.
  • 5cdbfd1 chore: release 16.0.0
  • 8dc6a32 deps: bump minipass from 5.0.0 to 7.0.2
  • 7cebf19 deps: bump npm-registry-fetch from 14.0.5 to 15.0.0
  • 73b6297 fix: drop node14 support (#290)
  • 53cf17e chore: postinstall for dependabot template-oss PR
  • 865d5c7 chore: bump @npmcli/template-oss from 4.17.0 to 4.18.0
  • 040add9 chore: postinstall for dependabot template-oss PR
  • a847b82 chore: bump @npmcli/template-oss from 4.15.1 to 4.17.0
  • b1760e8 chore: postinstall for dependabot template-oss PR
  • b0fd5fb chore: bump @npmcli/template-oss from 4.14.1 to 4.15.1
  • 64f7254 chore: release 15.2.0
  • 3307ad9 feat: configurable TUF cache dir (#278)
  • 70bac1b chore: release 15.1.3
  • c99db13 deps: bump minipass from 4.2.7 to 5.0.0 (#271)
  • 7d96b7b chore: release 15.1.2
  • 58810de chore: bump @npmcli/template-oss from 4.13.0 to 4.14.1 (#275)
  • d5cb3df deps: sigstore@1.3.0 (#276)
  • fd44f5c chore: auto publish (#273)
  • b5628b2 chore: template-oss-apply (#270)
  • da3fccd chore: bump @npmcli/template-oss from 4.12.0 to 4.13.0 (#269)
  • 43363dd docs: update dist details (#266)
  • c231986 deps: sigstore@^1.1.0
  • 7a560db chore: postinstall for dependabot template-oss PR
  • 05ab9a6 chore: bump @npmcli/template-oss from 4.11.4 to 4.12.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Server-side Request Forgery (SSRF)

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-IP-6240864